Microsoft's Windows Azure gets payment-card compliance nod

Windows Azure is is compliant with the PCI DSS, a standard designed to help thwart credit-card data fraud. Meanwhile, Azure's Hyper-V Recovery Manager is now generally available.
Written by Mary Jo Foley, Senior Contributing Editor

The Windows Azure team is starting 2014 with yet another of its regularly delivered bundles of new features and updates.


As of this month, Windows Azure is now considered "Level 1 compliant" under the Payment Card Industry (PCI) Data Security Standards (DSS). The PCI DSS is a security standard designed to help thwart credit-card data fraud. PCI certification is required for all organizations that store, process or transmit payment-cardholder data, Microsoft officials said on January 16.

Microsoft Technical Evangelist Niall Moran explained in a blog post why PCI DSS is a big deal:

"I remember building a PCI DSS compliant infrastructure in the past and it's no joke. First off, achieving compliance involves an interrogation of every aspect of how card details travel from a user's browser to your back end servers and every touch point in between. Kind of like a chain, if any link in the chain is weak, then the chain is weak. So from a PCI DSS perspective every system that touches the card details must be audited.

"This of course presents a problem for cloud data centres like Azure, where it's impossible to allow auditors every time a customer requires a certification. So, the way around this is for Microsoft to achieve compliance. Today's announcement means customers can now deploy applications and have them certified, so this opens up Azure for a new type of workload."

PCI DSS is just one of a growing number of compliance certifications that Azure now meets. Azure completed its annual ISO audit, according to Azure General Manager Steven Martin.

"In addition to Windows Azure Cloud Services, Storage, Virtual Machines and Virtual Networks, the ISO audit scope has been significantly expanded to include SQL Database, Active Directory, Traffic Manager, Web Sites, BizTalk Services, Media Services, Mobile Services, Service Bus, Multi-Factor Authentication, and HDInsight among others," Martin blogged on January 16.

The Windows Azure team also announced this week that Azure Hyper-V Recovery Manager is now generally available. Hyper-V Recovery Manager is a disaster-recovery offering that automates the replication of running virtual machines (VMs) to a secondary, external site.

Microsoft MVP Aidan Finn noted in a blog post that Hyper-V Recovery Manager is a simple product that allows users to configure complex orchestration. However, he also said that the price is "stupid expensive." Finn said the service's reliance on System Center may put it outside the realm of potential small-to-medium-sized customers. The notion of backing up a system outside of one's own disaster-recovery site may be problematic for instances when Internet access is spotty or nonexistent, too, he said.

Details about these latest Azure updates, along with some additional ones made to Windows Azure Web Sites and Mobile Services, are available on Microsoft Vice President Scott Guthrie's blog.

Editorial standards